Microsoft’s corp.com default makes for a potential security disaster - Houston Chronicle

Around the turn of the millennium, Microsoft allowed and even encouraged those who set up networks based on its Active Directory technology for business to use "corp.com" as an internal domain. These networks use domain names just as the internet does, and "corp" in this case was a default.

That works so long as the PCs doing the searching and sending of data are behind an institution's firewall. But if you take those computers outside that environment — say, to a coffee shop or a home office — then they might start looking on the internet at the corp.com public domain. It's a good thing that the domain squatter who owns corp.com has never made it active, because then searches, login credentials and private communications might get directed its way.

But as security-focused journalist Brian Krebs writes in this deeply unsettling tale, that may be about to change. Mike O'Connor, a longtime "domain investor," wants to divest himself of corp.com for about $1.7 million. Whoever ends up buying it would be faced with a heavy burden.

Or, if they're into cybercrime, would hit the jackpot.

As Krebs writes, the ideal situation is for Microsoft to buy the domain and lock it down. But the last time O'Connor and Microsoft discussed a price for it, the software giant — which last quarter had sales of $36.9 billion and profits of $11.6 billion — offered him a piddling $20,000.

How bad is this issue, which involves a problem known as a "namespace collision"? Consider what happened when, Krebs writes, security researcher Jeff Schmidt was briefly given access to corp.com, set it up as a live internet destination and captured information aimed at it:

"During an eight month analysis of wayward internal corporate traffic destined for corp.com in 2019, Schmidt found more than 375,000 Windows PCs were trying to send this domain information it had no business receiving — including attempts to log in to internal corporate networks and access specific file shares on those networks.

“For a brief period during that testing, Schmidt’s company JAS Global Advisors accepted connections at corp.com that mimicked the way local Windows networks handle logins and file-sharing attempts.

"'It was terrifying,' Schmidt said. 'We discontinued the experiment after 15 minutes and destroyed the data. A well-known offensive tester that consulted with JAS on this remarked that during the experiment it was ‘raining credentials’ and that he’d never seen anything like it.'"

A similar thing happened when Schmidt and his group set up the domain to capture email. In an hour, 12 million messages flowed in, many of them extremely sensitive in nature. Schmidt shut down that experiment and deleted the data.

There are ways IT managers can fix the problem on individual networks, but given how long "corp" has been used in Windows internal domains, it would be a Herculean task to find and change every instance, leaving parts of a big network non-functional until all uses were found and fixed.
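
One way to start the find-every-instance work described above, as an added example that is not from this article or from Krebs' story: a Python audit that flags machines whose DNS suffixes fall under a name the organization has not registered. The host names, suffix lists and owned-domain list are constructed sample data.

```python
# Added example: audit an inventory of DNS suffixes for namespace-collision risk.
# All hosts, suffixes and the owned-domain list below are constructed sample data.

# Assumption: the set of public domains the organization has actually registered.
OWNED_DOMAINS = {"example-widgets.com"}

# Constructed inventory: host -> AD domain / DNS suffix search list on that host.
INVENTORY = {
    "hou-lt-014": ["corp.com"],
    "hou-ws-201": ["ad.example-widgets.com", "CORP.COM."],
    "dal-srv-03": ["ad.example-widgets.com"],
    "dal-lt-077": ["corp"],
}


def normalize(suffix):
    """Lower-case a suffix and drop whitespace and any trailing root dot."""
    return suffix.strip().rstrip(".").lower()


def classify(suffix, owned=OWNED_DOMAINS):
    """Return 'owned', 'single-label' or 'collision-risk' for one suffix."""
    s = normalize(suffix)
    if "." not in s:
        # A bare label such as "corp" is not a name the organization can
        # register, so it only resolves correctly on the internal network.
        return "single-label"
    # Match on a label boundary so "evil-example-widgets.com" is not
    # mistaken for a subdomain of "example-widgets.com".
    if any(s == d or s.endswith("." + d) for d in owned):
        return "owned"
    # Anything else lives under a public name someone else controls.
    return "collision-risk"


def audit(inventory, owned=OWNED_DOMAINS):
    """List (host, suffix, verdict) for every suffix that is not 'owned'."""
    findings = []
    for host in sorted(inventory):
        for suffix in inventory[host]:
            verdict = classify(suffix, owned)
            if verdict != "owned":
                findings.append((host, normalize(suffix), verdict))
    return findings


if __name__ == "__main__":
    for host, suffix, verdict in audit(INVENTORY):
        print(f"{host:12} {suffix:24} {verdict}")
```
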

Indeed, the simplest solution would be for someone like Microsoft — or maybe ICANN, the entity in charge of the internet's domain system — to acquire corp.com and put it into permanent lockdown. Even better would be for O'Connor to just give it to Microsoft or ICANN. But as Krebs' story explains near the end, that's not in the cards.

“It seems to me that Microsoft should stand up and shoulder the burden of the mistake they made,” O’Connor told Krebs. “But they’ve shown no real interest in doing that, and so I’ve shown no interest in giving it to them.”

For those who think O’Connor is just trying to make a fast buck off Microsoft, Krebs writes that, at 71, O’Connor is heading toward retirement and wants to clean up his estate so his kids don’t have to deal with this. And Krebs told me on Twitter that he approached O’Connor for the story, so he wasn’t looking for publicity.

If you work for a company that uses Windows and has corp.com as its internal network name, share this email and Krebs' story at houstonchronicle.com/corpcom with your IT chief. Raise awareness now.

[This story first appeared in Dwight Silverman’s Release Notes weekly newsletter. Sign up to get it at houstonchronicle.com/releasenotes.]

dwight.silverman@chron.com

twitter.com/dsilverman

houstonchronicle.com/techburger

February 12, 2020 at 08:51PM